Standard

This document defines a privacy architecture framework that:

— specifies concerns for ICT systems that process PII;

— lists components for the implementation of such systems; and

— provides architectural views contextualizing these components.

This document is applicable to entities involved in specifying, procuring, architecting, designing, testing, maintaining, administering and operating ICT systems that process PII.

It focuses primarily on ICT systems that are designed to interact with PII principals.

ISO/TS 12812-3:2017 specifies the interoperable lifecycle management of applications used in mobile financial services. As defined in ISO 12812‑1, an application is a set of software modules and/or data needed to provide functionality for a mobile financial service.

This document deals with different types of applications which is the term used to cover authentication, banking and payment applications, as well as credentials.

ISO/TS 12812-4:2017 provides comprehensive requirements and recommendations, as well as specific use cases for implementation of interoperable mobile payments-to-persons.

The emphasis is placed on the principles governing the operational functioning of mobile payments-to-persons systems and processes, as well as the presentation of the underlying technical, organizational, business, legal and policy issues, leveraging legacy infrastructures of existing payment instruments.

SO/TS 12812-5:2017 focuses on mechanisms by which a person ("consumer", "payer" or "business") uses a mobile device to initiate a payment to a business entity ("merchant" or "payee"). Such a payment may use the traditional merchant point of interaction (POI) system, where the manner of settling the payment follows well-established merchant services paradigms.

ISO 14721:2012 defines the reference model for an open archival information system (OAIS). An OAIS is an archive, consisting of an organization, which may be part of a larger organization, of people and systems that has accepted the responsibility to preserve information and make it available for a designated community. It meets a set of such responsibilities as defined in this International Standard, and this allows an OAIS archive to be distinguished from other uses of the term "archive".

This standard was last reviewed and confirmed in 2018. Therefore this version remains current.

Draft Recommendation ITU-T Y.3504 (formerly Y.DaaS-arch), "Functional Architecture for Desktop as a Service"

Draft new Recommendation ITU-T Y.BaaS-reqts: Cloud computing - functional requirements for blockchain as a service

Draft new Recommendation ITU-T Y.ccvnf-dm: "Cloud computing - Data model framework for NaaS OSS virtualized network function"

This recommendation provides end-to-end fault and performance management framework of virtual network services (VNSs) in inter-cloud computing and relevant use cases. In particular, the aspects of faults detection and localization of affected area in inter-cloud environments is presented.

ISO 12812-2:2017 describes and specifies a framework for the management of the security of MFS. It includes

- a generic model for the design of the security policy,

- a minimum set of security requirements,

- recommended cryptographic protocols and mechanisms for mobile device authentication, financial message secure exchange and external authentication

ISO 12812-1:2017 defines the general framework of mobile financial services (payment and banking services involving a mobile device), with a focus on:

a) a set of definitions commonly agreed by the international financial industry;

b) the opportunities offered by mobile devices for the development of such services;

c) the promotion of an environment that reduces or minimizes obstacles for mobile financial service providers who wish to provide a sustainable and reliable service to a wide range of customers (persons and businesses), while ensuring that customers' interests are protected;

d) the different types of mobile financial services accessed through a mobile device including mobile proximate payments, mobile remote payments and mobile banking, which are detailed in other parts of ISO 12812;

e) the mobile financial services supporting technologies;

f) the stakeholders involved in the mobile payment ecosystems.

ISO/IEC 29100:2011 provides a privacy framework which

• specifies a common privacy terminology;
• defines the actors and their roles in processing personally identifiable information (PII);
• describes privacy safeguarding considerations; and
• provides references to known privacy principles for information technology.

ISO/IEC 29100:2011 is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII.